
Adds commerical policy, version bumps for KMS fixes

Duane Waddle 4 rokov pred
rodič
commit
71b02cf659

+ 1 - 1
common/aws-us-gov/afs-mdr-common-services-gov/008-xdr-binaries/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v1.23.9"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v1.23.12"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 5 - 1
common/aws-us-gov/afs-mdr-common-services-gov/110-xdr-binaries-write-role/terragrunt.hcl

@@ -13,7 +13,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/s3_bucket_writer_role?ref=v1.23.9"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/s3_bucket_writer_role?ref=v1.23.12"
 }
 
 # Include all settings from the root terragrunt.hcl file
@@ -58,4 +58,8 @@ inputs = {
     dependency.prod-salt-master.outputs.role_arn,
     dependency.test-salt-master.outputs.role_arn,
   ]
+
+  kms_key_ids = [
+    dependency.bucket.outputs.kms_key_arn
+  ]
 }
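Review bot: The new `kms_key_ids` input at the end of `inputs` is fed `dependency.bucket.outputs.kms_key_arn`, so an ARN goes into a parameter named for key ids. If the module places the value in an IAM policy `Resource`, the ARN is the right form, but that is not visible here and is worth confirming against `s3_bucket_writer_role` at `v1.23.12`. A one-line comment would record the intent, for example `# Writers presumably need the bucket's KMS key to upload to the encrypted bucket`. The `inputs` block and the `dependency "bucket"` declaration this line relies on both start outside the hunk.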

+ 1 - 1
common/aws/mdr-common-services/008-xdr-binaries/terragrunt.hcl

@@ -18,7 +18,7 @@ locals {
 # working directory, into a temporary folder, and execute your Terraform commands in that folder.
 terraform {
   # Double slash is intentional and required to show root of modules
-  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v1.0.1"
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/globally_accessible_bucket?ref=v1.23.12"
 }
 
 # Include all settings from the root terragrunt.hcl file

+ 1 - 0
common/aws/mdr-common-services/110-xdr-binaries-write-role/.tfswitch.toml

@@ -0,0 +1 @@
+../../../../.tfswitch.toml

+ 11 - 0
common/aws/mdr-common-services/110-xdr-binaries-write-role/README.md

@@ -0,0 +1,11 @@
+# About this
+
+This is tricky to apply.  You can't apply it until after:
+
+
+008-xdr-binaries in this project
+071-instance-salt-master in mdr-prod-c2
+071-instance-salt-master in mdr-test-c2
+
+
+Sorry for the back and forth, it's not easily avoided.

+ 63 - 0
common/aws/mdr-common-services/110-xdr-binaries-write-role/terragrunt.hcl

@@ -0,0 +1,63 @@
+locals {
+  # If you want to use any of the variables in _this_ file, you have to load them here.
+  # However, they will all be available as inputs to the module loaded in terraform.source
+  # below.
+  environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+  partition_vars = read_terragrunt_config(find_in_parent_folders("partition.hcl"))
+  region_vars = read_terragrunt_config(find_in_parent_folders("region.hcl"))
+  account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
+  global_vars = read_terragrunt_config(find_in_parent_folders("globals.hcl"))
+}
+
+# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the
+# working directory, into a temporary folder, and execute your Terraform commands in that folder.
+terraform {
+  # Double slash is intentional and required to show root of modules
+  source = "git@github.xdr.accenturefederalcyber.com:mdr-engineering/xdr-terraform-modules.git//base/s3_bucket_writer_role?ref=v1.23.12"
+}
+
+# Include all settings from the root terragrunt.hcl file
+include {
+  path = find_in_parent_folders()
+}
+
+dependencies {
+  paths = [
+    "../008-xdr-binaries"
+  ]
+}
+
+dependency "prod-salt-master" {
+  config_path = "../../../../prod/aws-us-gov/mdr-prod-c2/071-instance-salt-master"
+}
+
+dependency "test-salt-master" {
+  config_path = "../../../../test/aws-us-gov/mdr-test-c2/071-instance-salt-master"
+}
+
+dependency "bucket" {
+  config_path = "../008-xdr-binaries"
+}
+
+# These are the variables we have to pass in to use the module specified in the terragrunt source above
+inputs = {
+  # All of the inputs from the inherited hcl files are available automatically
+  # (via the `inputs` section of the root `terragrunt.hcl`). However, modules
+  # will be more flexible if you specify particular input values.
+  tags = {
+    Purpose = "Read/Write access to afsxdr-binaries s3 bucket"
+    Terraform = "aws/${basename(get_parent_terragrunt_dir())}/${path_relative_to_include()}/"
+  }
+
+  bucket       = dependency.bucket.outputs.arn
+  name         = "afsxdr-binaries_writers"
+  description  = "Write access to the s3 bucket for afsxdr-binaries"
+  trusted_arns = [
+    "arn:aws:iam::477548533976:role/salt-master-instance-role",  # Legacy prod salt master
+    "arn:aws:iam::527700175026:role/salt-master-instance-role",  # Legacy test salt master
+  ]
+
+  kms_key_ids = [
+    dependency.bucket.outputs.kms_key_arn
+  ]
+}
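Review bot: The `prod-salt-master` and `test-salt-master` dependency blocks are never read by `inputs`: `trusted_arns` lists two hard-coded `salt-master-instance-role` ARNs, whereas the aws-us-gov copy of this unit passes `dependency.prod-salt-master.outputs.role_arn` and `dependency.test-salt-master.outputs.role_arn`. Both `config_path` values also point into `aws-us-gov` trees from a unit under `common/aws`, and a role from that partition would presumably not be a usable principal in this role's trust policy. As written, the blocks seem to add only the apply-order coupling the README apologises for, so either drop them or add a comment saying why they stay. Because this role can write to a bucket built by the `globally_accessible_bucket` module, the trust list decides who can replace the binaries that are distributed from it. A comment such as `# Legacy principals: remove once the legacy salt masters are retired` would keep the entries from becoming permanent.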